Adding security routines

[cmehay]

This ticket is open to discuss about adding security routines in this project.

Regarding #40, I'm starting to work on adding Vanguards in this project, and issuing a convenient way to run a hidden service with it.

Please feel free to add any useful resources to increase security and privacy for running hidden services.

[onionltd]

Hey @cmehay, thanks for considering my open issue.

I personally don't think it's a good idea to embed vanguards in docker-tor-hidden-service image. Just looking at the WIP code #43, it's clear the complexity has gone up. Also, embedding it in the image I lost the ability to set different container settings (memory limits, logging etc) for Tor and Vanguards.

Is there a reason why you don't want to maintain vanguards as a separate docker image?

[cmehay]

This final image will give the ability to run Vanguards in the same container or in a separate one.

The goal is to be able to run Vanguards with just one env variable, but also to fine tune the settings if needed.

I figured out some file are missing in this commit, I added them.

For your last question, I like the idea to provide all needed tools in one single image, but one image does not mean one container to run, and it will be possible to setup complex network to isolate control port from hidden service network for instance.

[onionltd]

I like the idea to provide all needed tools in one single image, but one image does not mean one container to run

I didn't look at the code all that much, so correct me if I'm wrong. Are you saying that a single image will contain both Tor and Vanguards and depending on the container configuration, one or both processes will run?

If so, this is in "violation" of Docker best practices[1], adds unnecessary complexity and generally feels like a bad engineering, with all due respect.

[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications

[cmehay]

I didn't look at the code all that much, so correct me if I'm wrong. Are you saying that a single image will contain both Tor and Vanguards and depending on the container configuration, one or both processes will run?

Yes, but it's not really a problem as long Vangards cannot work without accessing to tor data directory and not intended to work with something else than tor.

The goal of containerization is to embed a service prior than a binary, it's my goal when I started to work on this tor image, if I can add some binaries to provide a better service with less efforts for the user, it's good for me.

[onionltd]

Yes, but it's not really a problem as long Vangards cannot work without accessing to tor data directory and not intended to work with something else than tor.

True, vanguards requires access to the Tor's directory however Docker already has mechanisms for doing exactly that: volumes.

This is an example docker-compose.yaml I've been using it to successfully deploy your image together with https://github.com/onionltd/docker-vanguards:

  tor_hs:
    image: localhost/tor-hidden-service:v0.4.3.5
    restart: always
    environment:
      TOR_EXTRA_OPTIONS: |
        DataDirectory /var/lib/tor/hidden_service
        ControlPort 0.0.0.0:9051
        HashedControlPassword 16:AD24C66CB51CFF37600A296F5E2FDF51BA0BBFE19DB4D2786BF5FA7E5D
    volumes:
      - tor:/var/lib/tor/hidden_service/

  vanguards_hs:
    image: localhost/vanguards:latest
    restart: always
    environment:
      GLOBAL_CONTROL_IP: tor_hs
      GLOBAL_CONTROL_PORT: 9051
      GLOBAL_CONTROL_PASS: password1
      GLOBAL_ENABLE_VANGUARDS: "True"
      GLOBAL_ENABLE_BANDGUARDS: "True"
      GLOBAL_ENABLE_CBTVERIFY: "False"
      GLOBAL_ENABLE_RENDGUARD: "True"
      GLOBAL_CLOSE_CIRCUITS: "True"
      GLOBAL_ONE_SHOT_VANGUARDS: "False"
      GLOBAL_LOGLEVEL: NOTICE
      VANGUARDS_LAYER1_LIFETIME_DAYS: 0
      VANGUARDS_MAX_LAYER2_LIFETIME_HOURS: 1080
      VANGUARDS_MAX_LAYER3_LIFETIME_HOURS: 48
      VANGUARDS_MIN_LAYER2_LIFETIME_HOURS: 24
      VANGUARDS_MIN_LAYER3_LIFETIME_HOURS: 1
      VANGUARDS_NUM_LAYER1_GUARDS: 2
      VANGUARDS_NUM_LAYER2_GUARDS: 3
      VANGUARDS_NUM_LAYER3_GUARDS: 8
      BANGUARDS_CIRC_MAX_AGE_HOURS: 24
      BANGUARDS_CIRC_MAX_HSDESC_KILOBYTES: 30
      BANGUARDS_CIRC_MAX_MEGABYTES: 0
      BANGUARDS_CIRC_MAX_DISCONNECTED_SECS: 30
      BANGUARDS_CONN_MAX_DISCONNECTED_SECS: 15
      RENDGUARD_REND_USE_MAX_USE_TO_BW_RATIO: 5.0
      RENDGUARD_REND_USE_MAX_CONSENSUS_WEIGHT_CHURN: 1.0
      RENDGUARD_REND_USE_CLOSE_CIRCUITS_ON_OVERUSE: "True"
      RENDGUARD_REND_USE_GLOBAL_START_COUNT: 1000
      RENDGUARD_REND_USE_RELAY_START_COUNT: 100
      RENDGUARD_REND_USE_SCALE_AT_COUNT: 20000
    volumes:
      - tor:/var/lib/tor/hidden_service/
    depends_on:
      - tor_hs
volumes:
  tor:

[cmehay]

44